session_09_vpn__ipsec__and_tls_101908

Client write key the symmetric cipher key used by the

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: m (such as MD5 or SHA). It also defines cryptographic attributes such as the hash_size. • Master secret — A 48-byte secret shared between the client and server. • Is Resumable — A flag indicating whether the session can be used to initiate new connections. VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 35 35 VPN, IPSec and TLS Connection Parameters • Server and client random — Byte sequences that are chosen by the server and client for each connection. • Server write MAC secret — The secret key used in MAC operations on data written by the server. • Client write MAC secret — The secret key used in MAC operations on data written by the client. • Server write key — The symmetric cipher key used by the server to encipher data and by the client to decipher it. • Client write key — The symmetric cipher key used by the client to encipher data and by the server to decipher it. • Initialization vectors — When a block cipher in CBC mode is used, an initialization vector (IV) is maintained for each key. • Sequence numbers — Sequence numbers maintained by each party for transmitted and received messages. VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 36 36 VPN, IPSec and TLS TLS Record Protocol • The TLS Record Protocol provides connection security that has the following four basic properties: — The connection is private. Symmetric encryption (e.g., AES, DES, RC4, etc.) is used for data encryption, after an initial handshake in which a pre-master secret key is defined. — The negotiation of a shared secret is secure. – No attacker can modify the negotiation communication without being detected by the parties to the communication. — The peer's identity can be authenticated using asymmetric or public key cryptography (e.g., RSA, DSS, etc.). — The connection is reliable. – Message transport includes a message integrity check using a keyed MAC (HMAC). – HMAC can be used with a variety of different hash algorithms, but TLS uses MD5 and SHA-1, denoting these as HMAC_MD5(secret, data) and HMAC_SHA(secret, data). VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 37 37 VPN, IPSec and TLS TLS R...
View Full Document

Ask a homework question - tutors are online